Brainstorming Ideas Into Designs

Name: superpowers/brainstorming
Author: obra

View on GitHub↗

Share on X Share on LinkedIn Share on Bluesky

40Medium

The skill's 'Visual Companion' tool risks SSRF or local file access by opening unsanitized local URLs.

ThreatsCI SM CS BC S HITL

incomplete

Behavior Analysis

Description verified — behavior matches claim

Claims to do

Brainstorming Ideas Into Designs: Help turn ideas into fully formed designs and specs through natural collaborative dialogue.

Actually does

This skill guides a structured design process, starting by exploring local project files, documentation, and recent commits. It asks clarifying questions, proposes design approaches, and presents a design, which is then written to a Markdown file (`docs/superpowers/specs/YYYY-MM-DD-<topic>-design.md`) and committed to git. It explicitly invokes the `writing-plans` skill as its final step and may optionally use a 'Visual Companion' involving a local URL for visual aids.

Threat Analysis

AI Agent Traps ↗Scanned 4/14/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction1 finding

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Nameobra/superpowers/brainstorming

Registrygithub

Version917e5f53b16b

PURLpkg:github/obra/superpowers@917e5f53b16b?skill=brainstorming

Stars180,084

Installs138,800

Source

Repository ↗SKILL.md ↗

SHA-256bba47904a7f6...

SHA-11b0710979c67...

MD502d86f11c496...

TLSH9422e71bfa48...

ssdeep192:FJ44yQmb...

Size10,634 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

https://github.com/obra/superpowers/tree/main/skills/brainstorming

138,800 installs

Claude CodeDocs

/plugin marketplace add obra/superpowers

/plugin install brainstorming@obra/superpowers

CodexDocs

Gemini CLIDocs

gemini extensions install https://github.com/obra/superpowers.git --consent

CursorDocs

Skills.shDocs

npx skills add https://github.com/obra/superpowers

Assessments (1)

AI Agent Traps ↗

Potential Vulnerabilities via Local URL in Visual Companionmediumssrf

The skill offers a 'Visual Companion' tool that 'Requires opening a local URL'. If the URL or its content is not properly sanitized or if the companion tool itself is compromised, this could lead to Server-Side Request Forgery (SSRF) or local file access vulnerabilities.

80% confidenceline 152

Requires opening a local URL

Version History (4)

c4bbe651cb1b70High4/16/2026 f9b088f7b3a670High4/14/2026 a569527b89c140Medium4/14/2026 917e5f53b16bcurrent40Medium4/14/2026

Dependencies (1)

superpowers.claude-plugin/marketplace.jsonnot scanned

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/obra/superpowers/brainstorming.svg)](https://mondoo.com/ai-agent-security/skills/github/obra/superpowers/brainstorming)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/obra/superpowers/brainstorming"><img src="https://mondoo.com/ai-agent-security/api/badge/github/obra/superpowers/brainstorming.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/obra/superpowers/brainstorming.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow